Configure wireguard client to connect to NordVPN servers?

Thank you very much!! Yes, with 0.0.0.0/0 its run! :slight_smile: :partying_face:

Greetings,
Pad

I installed wireguard after nordvpn using sudo apt install wireguard (I have ubuntu), wireguard commands work like wg --help but when you type in the command sudo wg show nordlynx private-key it gives me that unable to access protocol message, I tried running the command under su and bash to no success either :frowning:

Do you think the nordvpn app is too new for wireguard to catch the key ?

Hi,

I don’t know if it has anything to do with the version of nordvpn app, I know that each nordvpn account has its own private-key. When I got mine I was running an older version of nordvpn app, and never used it again. But people here seem to be able to get their keys with the way I wrote. Easiest and quickest way I can help you is to try to login with your account and email back your key, that is if you’re willing to provide your credentials, otherwise try another linux distro and/or older version of nordvpn app.

Teymur.

Hi,

Your wireguard interface ip should be the one that you got using ifconfig nordlynx command and the one your wrote is the endpoint ip.

Teymur

Hi guys,

The instructions I wrote above I was too optimistic on them thinking that anyone configuring wireguard already knows its basic working principles and only needs fetching its private key. I have no time to write a complete set of instructions from scratch describing each and every step. If you have a question fire away and I’ll try to answer those.

Teymur

I’ll try see if I can source an older version of the nordvpn app and if that fails I’ll try another Linux distro, failing that I’ll pm you my credentials, thank you for your assistance so far really do appreciate it

If you just issue wg, does it correctly show a connected tunnel.

Cheers.

when i type in wg it does nothing just allows me to type a new command

managed to install an older version of nordvpn managed to manually access their repo Index of /deb/nordvpn/debian/pool/main/ thankfully they are hosting old .deb files of their older versions, i’ve downgraded to 3.80 which has nordlynx technology, am i to change the technology to nordlynx on nordvpn and reconnecting because that’s what i’ve been doing, if there’s any configuration required for wireguard i’ve not done so, literally just installed and tried that command to try retrieve my private key, still getting the same message

modo@modo-Satellite-C660:~$ nordvpn set technology nordlynx
Technology is successfully set to ‘NordLynx’.
You are connected to NordVPN. Please reconnect to enable the setting.
modo@modo-Satellite-C660:~$ nordvpn c
A new version of NordVPN is available! Please update the application.
Connecting to United Kingdom #1840 (uk1840.nordvpncom(hzzp://uk1840.nordvpn.com/))
You are connected to United Kingdom #1840 (uk1840.nordvpn
com(hzzp://uk1840.nordvpn.com/))!
modo@modo-Satellite-C660:~$ nordvpn status
A new version of NordVPN is available! Please update the application.
Status: Connected
Current server: uk1840.nordvpn*com(h**p://uk1840.nordvpn.com/)
Country: United Kingdom
City: London
Your new IP: ***** I’ve Edited This Part ******
Current technology: NordLynx
Transfer: 901 B received, 515 B sent
Uptime: 6 seconds
modo@modo-Satellite-C660:~$ ifconfig nordlynx
nordlynx: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1420
inet 10.5.0.3 netmask 255.255.0.0 destination 10.5.0.3
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 2 bytes 1006 (1.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 744 (744.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
modo@modo-Satellite-C660:~$ ^C
modo@modo-Satellite-C660:~$ sudo wg show nordlynx private-key
[sudo] password for modo:
Unable to access interface: Protocol not supported
modo@modo-Satellite-C660:~$ sudo wg show
modo@modo-Satellite-C660:~$ sudo wg
modo@modo-Satellite-C660:~$ wg
modo@modo-Satellite-C660:~$ wg --help
Usage: wg []
Available subcommands:
show: Shows the current configuration and device information
showconf: Shows the current configuration of a given WireGuard interface, for use with setconf' set: Change the current configuration, add peers, remove peers, or change peers setconf: Applies a configuration file to a WireGuard interface addconf: Appends a configuration file to a WireGuard interface syncconf: Synchronizes a configuration file to a WireGuard interface genkey: Generates a new private key and writes it to stdout genpsk: Generates a new preshared key and writes it to stdout pubkey: Reads a private key from stdin and writes a public key to stdout You may pass –help’ to any of these subcommands to view usage.
modo@modo-Satellite-C660:~$

had to edit links in the quoted terminal above as i can’t post more than 2 links

Kinda doesn’t make sense, as you can see the interface, but nothing is reported by wg.
The one thing I do notice is this:

Unless you are running as root, that command should fail.

it’s baffling me as well lol, actually considering installing another linux distro in a virtual machine to see if i get the same results, if i execute wg in a terminal not as root but just as my normal user it just brings up a new command line like you’ve quoted above

Good news guys eventually got my private key after installing Debian on a virtual machine then installing wireguard under root and installing nordvpn 3.3.0 under root, it now shows it as an interface in wireguard, so glad I got this working lol thanks for all the assistance guys

1 Like

This is exciting, out of curiosity what are the performance differences you are seeing with wireguard vs ovpn on nordvpn? I tried re-creating your steps but failed miserably. So I am going to start again from scratch. Any chance you could put together the step by steps one would need to do to get this implemented correctly?

I run surfshark vpn, they only have wireguard app for apple, windows and android, is it possible to find some config files in those app to create wireguard files on router?

thanks

ok,first off please excuse my punctuation i didnt feel like proof reading and corrections :slight_smile:
also i am VERY novice at linux… i just kinda figured this out by playing around but it works for what i need it for which is a vpn connection with a killswitch that is always on in the os not an app. i DO NOT know the security implications for connecting this way or if it is safe, only that it WORKS!

so, for anyone who is curious i am using kali which is debian based linux and i have figured out how to manually connect to nordvpn reliably at startup so the vpn is permanently connected and all traffic goes through it and if it drops all trafic is halted NOTHING LEAKS as far as i can tell… again as i said, i am very novice at linux so maybe it does or this is ridiculous and defeats its own purpose or who knows i only added this as i know its similar to what may be helpful for other applications and again as i said, IT WORKS for manual wg-quick connections.

so first thing, ill do all this in the terminal
i configure systemd/networkd (“nano /etc/systemd/networking/wg0.network”) for wg0 because thats what im using because i wanted dhcp disabled completly but you may need to edit the /etc/network/interfaces if thats how yours is set up and add something in the correct syntax equivilant of this to it instead

[Match]
Name=wg0

[Network]
Address=10.5.0.2/32
DNS=103.86.96.100
DNS=103.86.99.100
DHCP=false

i had problems with it not assigning the ip correctlty to wg0 on its own with the way wg showconf presents the file contents and so for me i decided i liked this way best
OR/BUT
im pretty sure you can just manually add only the desired ip of 10.5.0.2/32 to the [Interfaces] section of the wg0.conf file and get the same result… anyway…

then i add the sources for nordvpn
“nano /etc/apt/sources.list.d/nordvpn.list”

deb Index of /deb/nordvpn/debian/ stable main

and save with ctl x

and “apt update”
then apt “install nordvpn”
and then “nordvpn login” and enter my credentials and it says connected or something similar
then “nordvpn set technology nordlynx” to set it from openvpn to wireguard
i then “nordvpn c --group p2p us los_angeles” this connects me to a p2p friendly server in los angeles
once it says connected i “ifconfig” and ensure that the nordlynx connection is there and it is both sending and RECEIVING data. i then “ping” once again making sure that things are indeed working correctly.
if everythings good to this point i then:
“wg showconf nordlynx”
and it prints out the info of what would be the wireguard configuration file in correct file format :slight_smile:
here is what the command gives me (the keys and endpoint redacted):

[Interface]
ListenPort = 43329
PrivateKey = ***********************************************

[Peer]
PublicKey = *************************************************
AllowedIPs = 0.0.0.0/0
Endpoint = ...:51820
PersistentKeepalive = 25

i then disconnect from nordlynx “nordlynx d”
highlight and copy the info given and
create a file “nano /etc/wireguard/wg0.conf” with which i paste the given info from the wg showconf nordlynx command,
and also this to the [Interface] section from wg-quick manual (man wg-quick) for the killswitch:

PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i
fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i
fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

so it looks like:

[Interface]
ListenPort = 43329
PrivateKey = ***********************************************
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = ******************************************
AllowedIPs = 0.0.0.0/0
Endpoint = ...:51820
PersistentKeepalive = 25

and then save with ctl x.
i then edit the resolv.conf and delete whats in it and replace it with the 2 nordvpn dns servers instead
“nano /etc/resolv.conf” so it looks like this:

nameserver 103.86.96.100
nameserver 103.86.99.100

and then save with ctl x
and “chattr +I /etc/resolv.conf” to prevent any further changes
at this point everything should be good to go and i just need to enable the process at boot and start it
“systemctl enable wg-quick@wg0”
“systemctl start wg-quick@wg0”
then i check everything with “ifconfig” and make sure there is a listing for wg0 now, (just like the nordlynx was before when i had the nordvpn app connected) and that it is both sending AND receiving data
i also “ping” to verify its up and running

at this point i should now be able to go to my browser and to any ip or dns leak testing site and get back the los angeles based vpn ip with no sign of my own whatsoever.
i then remove the nordvpn program
“apt remove nordvpn”
and comment out the nordvpn sources.list additions
“nano /etc/apt/sources.list.d/nordvpn.list”

#deb Index of /deb/nordvpn/debian/ stable main

save ctl x
and then
“apt update”
this should now be persistent across reboots also and will permanently be there until it is stopped with:
“systemctl stop wg-quick@wg0”
any ifconfig after stopping will now only show my eth0 and lo NOT the wg0 at which time my personal ip address will then be showing in any ip or dns test site untill it is rebooted or the service restarted with
“systemctl restart wg-quick@wg0”

anyway i wrote this hoping that the way the wg showconf command will give the wireguard config file contents and the way ive implemented things here might be useful for someone elses needs as well so i hope this helps someone because i sure find it useful…

i realize that by relaying this info here it inevitably tips off the vpn this is possible which only encourages them to change it so it isnt possible to do this but my hope is that maybe we all just keep this quiet and it doesnt get back around to them :slight_smile:

again i am novice at BEST with all this so for all i know this is a horrible idea

1 Like

Does this still work today 11/02/21?

Hi everyone,
sorry I am late to the party…
Anyways, thanks to all the great information on this post, I was able to create a script that generates the Wireguard configuration file for a NordVPN connection.
Such file can be imported to the Wireguard client on all platforms which makes using NordVPN so much faster and easier.
And… of course the content of the generated file can be cut/paste into the GL.iNet Wireguard management section and voila’, all done.

The repository is here:

There is full documentation.
Let me know if that works for you.

Stefano

4 Likes

Thanks for creating the NordVpnToWireguard script. I did a test to generate a Wireguard config file and it works! :slightly_smiling_face: :slightly_smiling_face: I made a small change to a copy of script to log in and log out with my username/password.

I made a small change to another copy of the script to generate a Wireguard config file for NordVPN Double_VPN (a.k.a. multi hop), which works also! ! :slightly_smiling_face: :slightly_smiling_face:

I do not work for and I am not directly associated with GL.iNet

1 Like

@wcs2228 Glad it helped!! I setup my whole family and all the media devices to use the Wireguard client to connect to NordVPN and also from the GL.iNet router. It’s so much faster and easy to use than the official app.

Stefano

1 Like

Guys,
I just realized that I named the repository with a dash at the start. Of course, it was cosmetic but it was ugly, so I corrected it.
The correct link is:

Sorry for the confusion.

Stefano

5 Likes